In the last post we learned about repeater configuration and authentication via WPA2-PSK. Here is the link: Autonomous AP as Repeater with WPA2
In the last post we also covered the basic concepts and theory of repeaters and their usage.
In this post we will directly configure the Root AP and Repeater AP with LEAP authentication.
Here is the configuration of the Root and Repeater APs.
Root AP:
hostname Root-AP
!
aaa new-model
!
aaa group server radius rad_eap
 server 10.35.80.110 auth-port 1812 acct-port 1813
!
aaa authentication login eap_method group rad_eap
!
dot11 ssid RSCCIEW
 vlan 80
 authentication network-eap eap_method
 authentication key-management wpa version 2
 infrastructure-ssid
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption vlan 80 mode ciphers aes-ccm
 !
 ssid RSCCIEW
 !
 station-role root
!
interface Dot11Radio0.80
 encapsulation dot1Q 80 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface FastEthernet0.80
 encapsulation dot1Q 80 native
 no ip route-cache
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address 10.35.80.110 255.255.255.0
 no ip route-cache
!
ip default-gateway 10.35.80.254
radius-server local
 nas 10.35.80.110 key 7 070C285F4D06485744
 nas 10.35.80.111 key 7 14141B180F0B7B7977
 user repeater nthash 7 144231535C540C7A77096016074B51332753030D0877705A264F450A09720A7307
 user sandeep nthash 7 101B2A415547345A5F25790801706510064152425325720D7D04075D523D4F780A
!
radius-server host 10.35.80.110 auth-port 1812 acct-port 1813 key 7 070C285F4D06485744
Repeater AP:
hostname Repeater-AP
!
aaa new-model
!
aaa group server radius rad_eap
 server 10.35.80.110 auth-port 1812 acct-port 1813
!
aaa authentication login eap_method group rad_eap
!
dot11 ssid RSCCIEW
 vlan 80
 ! also need to add the open EAP for clients which may associate with the Repeater AP
 authentication open eap eap_method
 authentication network-eap eap_method
 authentication key-management wpa version 2
 dot1x credentials LEAP
 dot1x eap profile LEAP
 guest-mode
 infrastructure-ssid
!
eap profile LEAP
 method leap
!
dot1x credentials LEAP
 username repeater
 password 7 01100F175804
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption vlan 80 mode ciphers aes-ccm
 !
 ssid RSCCIEW
 !
 station-role repeater
!
interface Dot11Radio0.80
 encapsulation dot1Q 80 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface FastEthernet0.80
 encapsulation dot1Q 80 native
 no ip route-cache
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address 10.35.80.111 255.255.255.0
 no ip route-cache
!
radius-server host 10.35.80.110 auth-port 1812 acct-port 1813 key 7 030752180500701E1D
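The two configurations above only work together if a few values agree across the devices. The following Python check is an added example, not part of the original post: the function names `facts` and `check_pair` are hypothetical, the sample configs are trimmed, constructed copies of the ones above with secrets replaced by `<KEY>`, `<HASH>` and `<PW>` placeholders, and the relationships it tests are read off this page's layout (root AP running the local RADIUS server, repeater listed as a NAS).

```python
import re

def facts(cfg):
    """Extract the LEAP-relevant settings from one autonomous-AP config."""
    def first(pat):
        return next(iter(re.findall(pat, cfg, re.M)), None)
    return {
        "bvi_ip": first(r"^interface BVI1\n\s*ip address (\S+)"),
        "radius_hosts": set(re.findall(r"^radius-server host (\S+)", cfg, re.M)),
        "nas": set(re.findall(r"^\s*nas (\S+)", cfg, re.M)),
        "users": set(re.findall(r"^\s*user (\S+) nthash", cfg, re.M)),
        "dot1x_user": first(r"^\s*username (\S+)"),
        "network_eap": bool(re.search(r"^\s*authentication network-eap", cfg, re.M)),
    }

def check_pair(root_cfg, rep_cfg):
    """Return the cross-device mismatches that would break the LEAP uplink."""
    root, rep = facts(root_cfg), facts(rep_cfg)
    checks = [
        (root["network_eap"] and rep["network_eap"], "SSID lacks 'authentication network-eap' on one side"),
        (rep["dot1x_user"] in root["users"], f"user {rep['dot1x_user']!r} is not in the root's local RADIUS users"),
        (root["bvi_ip"] in rep["radius_hosts"], "repeater 'radius-server host' is not the root BVI address"),
        (rep["bvi_ip"] in root["nas"], f"root 'radius-server local' has no nas entry for {rep['bvi_ip']}"),
    ]
    return [msg for ok, msg in checks if not ok]

# Constructed sample: trimmed copies of the configs above, secrets replaced.
ROOT = """\
dot11 ssid RSCCIEW
 authentication network-eap eap_method
interface BVI1
 ip address 10.35.80.110 255.255.255.0
radius-server local
 nas 10.35.80.111 key 7 <KEY>
 user repeater nthash 7 <HASH>
radius-server host 10.35.80.110 auth-port 1812 acct-port 1813 key 7 <KEY>
"""
REPEATER = """\
dot11 ssid RSCCIEW
 authentication network-eap eap_method
dot1x credentials LEAP
 username repeater
 password 7 <PW>
interface BVI1
 ip address 10.35.80.111 255.255.255.0
radius-server host 10.35.80.110 auth-port 1812 acct-port 1813 key 7 <KEY>
"""

if __name__ == "__main__":
    print(check_pair(ROOT, REPEATER) or "root/repeater LEAP settings agree")
```

Type 7 strings for the same shared secret differ between devices, so the check compares addresses and usernames only and does not try to match the encoded keys.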
This is the notification we get after authentication:
*Dec 17 10:40:02.500: %DOT11-4-UPLINK_ESTABLISHED: Interface Dot11Radio0, Associated To AP Root-AP 003a.9914.1370 [LEAP WPAv2]
Here is the client status:
Root-AP#sh dot11 associations

802.11 Client Stations on Dot11Radio0:

SSID [RSCCIEW] :

MAC Address    IP address      Device        Name            Parent         State
2894.0fa8.a594 10.35.80.111    ap1240-Rptr   Repeater-AP     self           EAP-Assoc
ac7b.a1d1.c289 10.35.80.109    Rptr-client   Repeater-AP     2894.0fa8.a594 EAP-Assoc

Root-AP#
Root-AP#sh dot11 ass
Root-AP#sh dot11 associations ac7b.a1d1.c289
Address             : ac7b.a1d1.c289     Name               : Repeater-AP
IP Address          : 10.35.80.109       Interface          : Dot11Radio 0
Device              : Rptr-client        Software Version   : NONE
CCX Version         : NONE               Client MFP         : Off
State               : EAP-Assoc          Parent             : 2894.0fa8.a594
SSID                : RSCCIEW            VLAN               : 80
Hops to Infra       : 0                  Clients Associated : 0
Repeaters associated: 0
Root-AP#
In the next post we will learn how to authenticate the repeater via EAP-FAST.